FreshBaked.com® - Helping Businesses Get the Technological Competitive Edge Since 1985




Copyright 2008 FreshBaked.com®

All rights reserved.

No copying without expressed written permission.

Edited by Greg Hill

06/26/2008 08:04:36 PM

Laptop Security: Windows® Vista™ vs. XP

By Greg Hill

 

Introduction:

Laptop computers are an irresistible target for criminals, resulting in hundreds of thousands of thefts and millions of electronic intrusions causing billions of dollars in losses. The majority of these computers run the Microsoft XP operating system, which, although containing many security enhancements over its predecessors, is nonetheless frequently compromised.

Microsoft boasts that its new operating system, Windows® Vista™, is significantly more effective at protecting computers, especially laptops. What follows is an examination of the failings of Windows XP and the new and improved features of Windows Vista.

The Importance of Securing Laptops

A recent SANS Newsletter cited securing laptops as the top challenge in the years ahead. [1] The importance of laptop security, both in homes and businesses, is overshadowing all other security concerns because:

·         The percentage of laptops to desktops sold is escalating from less than 20% in 2002 to an estimated 50% in 2007. [2]

·         Laptops are portable, easily concealed, and are often left in areas where potential thieves have easy access.

·         The average laptop is more expensive than the average desktop.[2]

·         Sensitive data is often contained on the hard drive to facilitate working without the base network. Here is an illustration from Information Security Magazine: “It's been more than a year since an unattended laptop disappeared from the U.S. Department of State's Washington, D.C., headquarters. Two top-level administrators were fired and four others received career-ending reprimands for losing a notebook computer that contained sensitive nuclear weapons proliferation data. Despite an intensive investigation and a $25,000 reward, the FBI has been unable to recover the missing laptop.” [3]

·         Laptops often access outside networks, such as the Internet, using Wi-Fi and cell technologies that are less secure than an attached private network.

·         Sophisticated thieves are able to extract credentials from stolen laptops allowing them to access private networks and find and use information to enable identity theft, corporate espionage and other lucrative illegal schemes.

 

Here are three examples of the damage that may be encountered by owners of laptop computers:

Case 1. The Stolen Laptop

Over 600,000 laptops are pilfered every year. [4] This represents the second costliest category of the estimated $67,000,000,000 in annual computer crime losses.[5]

Airports and automobiles are frequent locations for laptop thefts, but surprisingly, most are stolen in the workplace. [6] In a recent case in Colorado, a laptop containing data for 988 students was stolen from a faculty member’s office at Metropolitan State College of Denver. [7]

Windows XP was installed on the laptop and password security was the only form of protection mentioned.

What are the logical steps the cyber thief will take once in possession of the stolen laptop?

A typical first step is recovering cached credentials. A simple way to accomplish this is to boot the machine with a floppy or CD/DVD, run a program such as pwdump2 to extract the user names and encrypted passwords, then use a tool to crack (decrypt) the passwords.

With the “John the Ripper” cracking tool, I was able to obtain the data from a computer in approximately two hours. If the crook is a professional, he will log into the network long before security administrators are alerted and passwords are changed.  This speed of entry allows the intruder to proceed unhindered.

Once the network is violated, the analysis begins to uncover further possibilities for fun and profit. The thief will have a suite of software to scan the disk and find Social Security Numbers or other valuable data. Additionally, if the owner of the laptop stores personal information such as a driver's license number or bank or credit card numbers, the perpetrator may also exploit that information. If the thief finds online accounts with stored credit card numbers in the browser history log, he may use the decrypted credentials to make purchases from them.
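A laptop owner or administrator can run the same kind of disk scan before a theft, to learn which files hold Social Security Numbers and should be removed or encrypted. The sketch below is an added example, not part of the original article; the function names, the list of file suffixes and the sample files are assumptions made for illustration.

```python
from __future__ import annotations

import re
import tempfile
from pathlib import Path

# NNN-NN-NNNN layout; the lookarounds reject matches inside longer digit runs.
SSN_RE = re.compile(r"(?<![\d-])(\d{3})-(\d{2})-(\d{4})(?![\d-])")
TEXT_SUFFIXES = {".txt", ".csv", ".log", ".htm", ".html", ".xml"}  # assumed audit scope


def is_plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject numbers the SSA never issues (area 000/666/9xx, group 00, serial 0000)."""
    if area in ("000", "666") or area.startswith("9"):
        return False
    return group != "00" and serial != "0000"


def find_ssns(text: str) -> list[str]:
    """Return plausible SSNs in text, masked so the report itself holds no full number."""
    return [f"***-**-{m.group(3)}" for m in SSN_RE.finditer(text)
            if is_plausible_ssn(*m.groups())]


def scan_tree(root: Path) -> dict[str, list[str]]:
    """Map each text file under root (relative path) to the masked SSNs found in it."""
    findings = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        try:
            hits = find_ssns(path.read_text(errors="ignore"))
        except OSError:
            continue  # unreadable file: skip it rather than abort the audit
        if hits:
            findings[path.relative_to(root).as_posix()] = hits
    return findings


def demo() -> dict[str, list[str]]:
    """Scan a small constructed directory tree (sample data, not real records)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "grades").mkdir()
        (root / "grades" / "roster.csv").write_text(
            "name,ssn\nA. Student,123-45-6789\nB. Student,000-12-3456\n")
        (root / "notes.txt").write_text("Call 303-555-0100, order 4123-45-67890\n")
        return scan_tree(root)


if __name__ == "__main__":
    print(demo())
```

Pointing scan_tree at a user's documents folder gives a list of files to clean up or move off the laptop; binary formats such as office documents need their own text extraction first.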

Once the passwords are cracked and Windows is started, the laptop may also be used as a temporary host for other illegal activities, such as hacking into other machines, launching malware (malicious software designed to infiltrate or damage computer data) and denial of service attacks (DoS), or to route or forward SPAM.

All of the above is easily accomplished with the average XP computer (all references to Windows® XP in this article refer to XP with Service Pack 2 installed, sometimes known as XPSP2). An owner who used the Encrypting File System (EFS) to encode all of the sensitive data on the disk and chose a strong password may feel secure, but the system is still easy to breach using the cracked user name and password.

If the criminals are unable to crack the running system, they will remove the hard drive and install it in another machine to obtain the same result. There are other techniques as well, including hacking into the computer using standard software tools (called remote attacks), which work because XP always loads critical system routines into the same memory addresses.
